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Sir: 



This is an appeal from the final rejection mailed on December 2, 2005 for the above- 
identified patent application. The notice of appeal was filed on January 26, 2006. 

A petition and fee for a one-month extension of time are being filed with this appeal brief. 



The real party in interest is Hewlett-Packard Development Company, LP, a limited 
partnership established under the laws of the State of Texas and having a principal place of 
business at 20555 S.H. 249 Houston, TX 77070, U.S.A. (hereinafter "HPDC"). HPDC is a Texas 
limited partnership and is a wholly-owned affiliate of the Hewlett-Packard Company, a Delaware 
Corporation, headquartered in Palo Alto, CA. The general or managing partner of HPDC is HPQ 
Holdings, LLC. 

RELATED APPEALS AND INTERFERENCES 
Appellant is unaware of any other prior and pending appeals, interferences or judicial 
proceedings which may be related to, directly affect or be directly affected by or have a bearing on 
the Board's decision in the pending appeal 
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STATUS OF CLAIMS 
Claims 1-11 and 14-30 are currently pending. Claims 1-1 1 and 14-30 are the subject of this 
appeal and are reproduced in the accompanying claims appendix. 

STATUS OF AMENDMENTS 
No amendment after final rejection has been entered. 

SUMMARY OF CLAIMED SUBJECT MATTER 
The invention described and claimed in the present application relates to electronic 
certificates that delegate an attribute from an issuer to a subject and are signed by the user. 
Specification at page 1, lines 5-6. An "attribute" is any capability, characteristic or authorization 
that can be associated with the subject. Id. at page 1, lines 8-11. "Delegation" means to bestow an 
attribute by an issuer of a certificate to the subject named in the certificate. Id. at page 1, lines 13- 
14. 

Electronic certificates are useful for controlling access to electronic resources. They are 
useful for facilitating electronic commerce. 

The prior art to this application, the "aapa," discloses the issuance of electronic certificates 
to subjects who may then in turn issue electronic certificates to further subjects if given that 
authority, and the proving of a trusted chain of delegations of authorization so that a given subject 
may authorized to use an electronic resource. Id. at page 1, line 23 to page 5, line 31. 

The aapa provides for issuance of certificates only when any prior conditions regarding the 
attribute to be possessed by the subject have been proved to the satisfaction of the certificate 
issuer. This is an unconditional issuance because the issuer has been satisfied that the prior 
conditions have been met and issues the certificate. Having to previously satisfy the issuer can 
significantly hamper the issuing of certificates. See id. at page 6, lines 4-8. 

The standard VALIDITY field of aapa certificates is, in effect, a condition carried by the 
certificate. It could include data about, for example, the date range identifying the period over 
which the certificate is valid. However, this is a condition directed at the validity of the certificate 
itself and does not define an attribute required of a particular subject. Id. at page 6, line 28 to 
page 7, line 8. 
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The invention, as claimed in claims 1-10, generally provides "computer-readable medium 
storing an electronic certificate data structure comprising content data specifying an attribute 
delegation from an identified issuer to a certificate subject, and an electronic signature of said 
issuer for confirming the content data; wherein the content data includes a condition requiring that 
a particular subject must have a particular attribute in order for the delegation to be valid" 
(emphasis supplied.) This aspect of the invention is generally directed to electronic certificates 
that contain subject-directed conditions that must be found to be true in respect of the subject of 
the certificate before that subject can be taken as having been delegated the attribute specified in 
the certificate. Id. at page 8, lines 8-15 and Figure 5. Certificates containing subiect-directed 
conditions are referred to in the specification as conditional electronic certificates. Id. at page 8, 
lines 15-16. 

The specification provides an example of a condition in the content data of a conditional 
electronic certificate. The "condition requiring that a particular subject must have a particular 
attribute in order for the delegation to be valid" to be satisfied is that a principal (employee Z) is 
an authorized buyer of department Y of company X. A chain of aapa electronic certificates can 
provide a trust chain between issuer SELF and employee Z but this cannot independently establish 
that employee Z has the attribute or qualification of being an authorized buyer. A conditional 
electronic certificate of the kind disclosed in this application will require the subject (employee Z 
in this example) to have a specified qualification attribute. Even though all employees of 
department Y may have the attribute "authorized buyer of department Y" applied to them to prove 
they are the subjects of their certificates the certificates would still require the subject to have a 
specified qualification. The specified qualification could be provided, for example, by a trusted 
third party or by a training section TS of the department Y of the company X to establish that the 
employee X has the requisite qualification. The certificate will then prove a trusted relationship so 
that employee X may have access to the desired capability or attribute. See generally id. at page 
1 7, line 19 to page 1 8, line 7. More than one attribute required of a subject, linked in a logical 
order such as AND, OR, and NOT, can be included in a conditional certificate. Id. at page 8, lines 
18-22. 

Claims 1 1 and 14-18 are directed to apparatus for generating such conditional electronic 
certificates. Claims 19-24 are directed to reduction engines {see Figures 1 1-13) for verifying the 
existence of a trust chain of justified attribute delegations that comprises a trust-chain branch 
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control arranged to require the trust-chain verifier to establish a branch of the trust chain when a 
conditional certificate is encountered. Claims 25-30 are directed generally to a trust chain 
discovery engine (see Figures 6 and 1 1-13) for finding a trust chain of justified attribute 
delegations that overall imparts a required attribute from a trusted issuer to a target subject that 
comprises a trust-chain branch control arranged to require the trust-chain builder to seek to build a 
branch of the trust chain when a conditional certificate is encountered. 

GROUNDS OF REJECTION TO BE REVIEWED ON APPEAL 
Issue: Whether Claims 1-1 1 and 14-30 are patentable under 35 U.S.C. 103(a) in view of 
Appellant's admitted prior art (the "aapa")? 

GROUPING OF CLAIMS 
For each ground of rejection which the Appellant contests herein and which applies to 
more than one claim, such additional claims, to the extent separately identified and argued below, 
do not stand or fall together. 

ARGUMENT 

Claims 1-11 and 14-30 Are Patentable under 35 U.S. C. § 103(a) in View of the Aapa 
In the final Office Action of December 2, 2005, the Examiner rejected claims 1-1 1 
and 14-30 1 under 35 U.S.C. 103(a) as being obvious over the aapa. 

The Appellant respectfully disagrees with the conclusions of the Examiner with regard to 
the teaching of the cited prior art and submits that the aapa does not teach or suggest all of the 
claim limitations of the rejected claims. The Appellant submits that the Examiner has not 
established a prima facie case of obviousness based on the aapa, and the rejection of claims 1-11 
and 14-30 based on the aapa should be overturned on appeal. 



1 The December 2, 2005 office action stated on page 2 that claims 1-1 1 and 14-29 were rejected under 35 U.S.C. 
103(a) as being unpatentable over the aapa. The omission of claim 30 appears to be inadvertent because the office 
action discusses this claim on page 3 in the context of the Section 103(a) rejection over the aapa. The Appellant will 
assume that the Examiner meant to reject claim 30. 
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Claim 1 

Claim 1 requires: 

[a] computer-readable medium storing an electronic certificate data structure, the 
data structure comprising: 

content data specifying an attribute delegation from an identified issuer to a 
certificate subject, and 

an electronic signature of said issuer for confirming the content data; 

wherein the content data includes a condition requiring that a particular 
subject must have a particular attribute in order for the delegation to be valid. 

The Examiner held that these limitations are all taught in the aapa except "[n]ot 
explicitly taught is the certificate being stored in a memory," which he held to be obvious. 
Final office action at page 2, line 17 to page 3, line 8. 

The Examiner held that the limitation "the content data includes a condition requiring that 
a particular subject must have a particular attribute in order for the delegation to be valid" is 
disclosed in the aapa because, as he asserts on page 3 of the final Office Action, "a condition in 
aapa is that the particular party must be able to respond to the challenge-response transaction by 
knowing the key pair used to encrypt the data." However, the aapa does not disclose a certificate 
with "content data" that has a conditional association of an attribute with a subject in order for the 
delegation to be valid. 

The Appellant notes that the aapa certificate has a specified certificate subject (SUBJECT 
in Figure 2) to whom a specified particular attribute (AUTHORISATION) is being passed by the 
certificate. A party R receiving the aapa certificate accepts that the specified certificate subject 
now has the particular attribute specified in the aapa certificate (assuming that the party R trusts 
the party signing the certificate). This acceptance is unconditional. 

When a party X claims that the aapa certificate proves that party X has a particular 
attribute, party R can choose simply to accept that party X is the aapa certificate subject, or party 
R can choose to check the identity of party X (see page 3, lines 4-7 of the specification). Party R 
can effect this check in many ways, one of which is by effecting a challenge-response exchange. 
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Such a check on the identity of party X is a completely separate issue from what attribute 
delegation is effected by the aapa certificate. 

The aapa certificate does not require the certificate subject to prove its identity (by a 
challenge-response exchange). Proof of identity is merely at the discretion of the party receiving 
the certificate. The "subject" public key in the aapa certificate merely implicitly corresponds to a 
condition indicating that a particular subject can have a particular attribute (possess the private key 
matching the subject public key) in order for the delegation (the certificate overall) to be valid. 
However, the aapa certificate may be valid even if the subject does not have the particular attribute 
(if the receiving party does not check the attribute through a challenge-response transaction). 

Accordingly, the aapa fails to disclose or suggest a computer-readable medium storing an 
electronic certificate data structure with content data including a "condition requiring that a 
particular subject must have a particular attribute in order for the delegation to be valid' \ as 
recited in claim 1 . Claim 1 requires that the validity of the attribute delegation to the certificate 
subject is to be conditional on the subject having a particular attribute. This is not taught by the 
aapa. The subject matter of claim 1 therefore is not taught or suggested by the aapa. 

At least in view of the above, the Appellant submits that claim 1 is patentable over aapa 
because the Examiner has not made out a prima facie case of obviousness based on the aapa. 

Claim 11 

Claim 1 1 requires: 

[apparatus for generating an electronic certificate data structure, the apparatus 
comprising: 

a data handling arrangement for assembling content data specifying an attribute 
delegation from an identified issuer to a certificate subject, and including a 
condition requiring that a particular subject must have a particular attribute in order 
for the delegation to be valid; and 

a signature arrangement for generating an electronic signature of said issuer over 
said content data. 
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The above arguments show that the aapa fails to disclose or suggest an apparatus as recited 
in claim 1 1, and in particular comprising a data handling arrangement for "including a condition 
requiring that a particular subject must have a particular attribute in order for the delegation to 
be valid ". At least in view of the above, the Appellant submits that claim 1 1 is patentable over the 
aapa. 

Claim 19 

Claim 19 requires: 

[a] reduction engine for verifying the existence of a trust chain of justified attribute 
delegations that overall imparts a required attribute from a trusted issuer to a target 
subject, said reduction engine comprising: 

a trust-chain verifier for combining justified attribute delegations to form 
said trust chain, at least one said attribute delegation being justified on the basis of 
a certificate data structure that comprises content data bestowing a specified 
attribute from an identified issuer to a certificate subject, and an electronic 
signature of said issuer over the content data; and 

a trust-chain branch control arranged to require the trust-chain verifier to 
establish a branch of said trust chain upon the trust-chain verifier using in the trust 
chain a said attribute delegation that is justified on the basis of a conditional said 
certificate data structure that includes in its content data a condition requiring that a 
particular subject must have a particular attribute in order for the delegation 
justified by the certificate to be valid, said branch being required to impart said 
particular attribute to said particular subject from said trusted issuer or another 
trusted issuer. 

The above arguments show that the aapa fails to disclose or suggest a reduction engine as 
recited in claim 19, and in particular comprising a trust-chain branch control arranged to "require 
the trust-chain verifier to establish a branch of said trust chain upon the trust-chain verifier using 
in the trust chain a said attribute delegation that is justified on the basis of a conditional said 
certificate data structure that includes in its content data acrmdition requiring that a particular 
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subject must have a particular attribute in order for the delegation justified by the certificate to be 
valid, " At least in view of the above, the Appellant submits that claim 19 is patentable over the 
aapa. 

Claim 25 

Claim 25 requires: 

[a] trust chain discovery engine for finding a trust chain of justified attribute 
delegations that overall imparts a required attribute from a trusted issuer to a target 
subject, said discovery engine comprising: 

a trust-chain builder for seeking to build up said trust chain using justified 
attribute delegations at least one of which is justified on the basis of a certificate 
data structure that comprises content data bestowing a specified attribute from an 
identified issuer to a certificate subject, and an electronic signature of said issuer 
over the content data; and 

a trust-chain branch control arranged to require the trust-chain builder to 
seek to build a branch of said trust chain upon the trust-chain builder using in the 
trust chain a said attribute delegation that is justified on the basis of a conditional 
said certificate data structure that includes in its content data a condition requiring 
that a particular subject must have a particular attribute in order for the delegation 
justified by the certificate to be valid, said branch being required to impart said 
particular attribute to said particular subject from said trusted issuer or another 
trusted issuer. 

The above arguments show that the aapa fails to disclose or suggest a trust chain discovery 
engine as recited in claim 25, and in particular comprising a trust-chain branch control arranged to 
"require the trust-chain builder to seek to build a branch of said trust chain upon the trust-chain 
builder using in the trust chain a said attribute delegation that is justified on the basis of a 
conditional said certificate data structure that includes in its content data a condition requiring 
that a particular subject must have a particular attribute in order for the delegation justified by 



Appl'n No. 09/732,948 



APPEAL BRIEF 



Page 9 



i 
i 



the certificate to be valid . " At least in view of the above, the Appellant submits that claim 25 is 
patentable over the aapa. 

Claims 2-9, 14-17.20-23 and 26-30 

Claims 2-9 depend directly or indirectly on claim 1; claims 14-17 depend directly or 
indirectly on claim 11; claims 20-23 depend directly or indirectly on claim 19; and claims 26-30 
depend directly or indirectly on claim 25. The Appellant respectfully submits that at least in view 
of their dependency on claims 1, 1 1, 19 or 25, claims 2-9, 14-17, 20-23 and 26-30 are patentable 
over the aapa. 

CONCLUSION 

For the reasons advanced above, the Appellant respectfully contends that claims 1-1 1 and 
14-30 are patentable over the aapa. The Appellant respectfully submits that the Board should 
reverse and withdraw all rejections of the claims pending in the instant application. 

* * * 

The Commissioner is authorized to charge any additional fees which may be required or 
credit overpayment to deposit account no. 12-0415. In particular, if this Appeal Brief is not timely 
filed or the petition for extension of time accompanying this brief is incorrect in stating or paying 
for the amount of time requested, the Commissioner is authorized to treat this response as 
including a petition to extend the time period pursuant to 37 CFR 1.136(a) requesting an extension 
of time of the number of months necessary to make this Appeal Brief timely filed and the petition 
fee due in connection therewith maybe charged to deposit account no. 12-0415. 
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I hereby certify that this correspondence is Respectfully submitted, 

being deposited with the United States Post 
Service with sufficient postage as first class 
mail in an envelope addressed to: Mail Stop 
Appeal Brief - Patents, Commissioner for 
Patents, P.O. Box 1450, Alexandria, VA 22313- 
1450 on 

April 18 2006 

(Date of Transmission) 

Aileen M. Shrestha 

(Name of Person Transmitting) 

(Signature) 

April 18, 2006 

(Date) 




R. babney Eastham ' 
Attorney for Appellant 
Reg. No. 31,247 
LAD AS & PARRY LLP 
5670 Wilshire Boulevard, Suite 2100 
Los Angeles, California 90036 
(323) 934-2300 voice 
(323) 934-0202 facsimile 
reastham(a>,ladas.com 
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1 . (previously presented) A computer-readable medium storing an electronic certificate data 

structure, the data structure comprising: 

content data specifying an attribute delegation from an identified issuer to a certificate 
subject, and 

an electronic signature of said issuer for confirming the content data; 
wherein the content data includes a condition requiring that a particular subject must have 
a particular attribute in order for the delegation to be valid. 

2. (previously presented) A computer-readable medium according to claim 1 , wherein said 
certificate subject is genetically any subject whereby said attribute is delegated to any subject 
capable of showing said condition to be satisfied, the particular subject of said condition being 
explicitly identified in the content data. 

3. (previously presented) A computer-readable medium according to claim 1, wherein said 

certificate subject is specifically identified in the content data. 

4. (previously presented) A computer-readable medium according to claim 3, wherein said 
particular subject is not separately specified but is implicitly said specifically-identified 
certificate subject. 

5. (previously presented) A computer-readable medium according to claim 3, wherein said 
particular subject is explicitly identified. 

6. (previously presented) A computer-readable medium according to claim 1 , including 
multiple said conditions in predetermined logical relationship. 

7. (previously presented) A computer-readable medium according to claim 6, wherein said 
logical relationship is not explicitly but is explicitly stated. 
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8. (previously presented) A computer-readable medium according to claim 6, wherein said 
logical relationship is not explicitly but is implicitly and AND relationship 



9. (previously presented) A computer-readable medium according to claim 1, wherein said 
content data further includes certificate validity data concerning at least one of: 

a date range identifying the period over which the certificate is valid: 

the location of a certificate revocation list that should be checked before the certificate is 

used; 

the location where a one-time use permission can be obtained or the certificate re- 
validated; 

said content data being structured into fields with the validity data and said condition or 
conditions being held in the same field. 

10. (previously presented) A computer-readable medium according to claim 1, wherein the 
certificate has substantially the same form as an SPKI certificate data structure with said 
condition or conditions being held in a validity field of the certificate data structure. 

1 1 . (previously presented) Apparatus for generating an electronic certificate data structure, 
the apparatus comprising: 

a data handling arrangement for assembling content data specifying an attribute 
delegation from an identified issuer to a certificate subject, and including a condition requiring 
that a particular subject must have a particular attribute in order for the delegation to be valid; 
and 

a signature arrangement for generating an electronic signature of said issuer over said 
content data. 

12. -13. (cancelled) 

14. (previously presented) Apparatus according to claim 1 1 , wherein the data handling 
arrangement is arranged to cause said certificate subject to be specifically identified in the 
content data. 
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15. (previously presented) Apparatus according to claim 14, wherein the data handling 
arrangement is arranged to cause said particular subject to be implicitly specified in said content 
data as said specifically-identified certificate subject. 

16. (previously presented) Apparatus according to claim 14, wherein the data handling 
arrangement is arranged to cause said particular subject to be explicitly identified in the content 
data. 

1 7. (previously presented) Apparatus according to claim 1 1 , wherein the data handling 
arrangement is adapted to permit multiple said conditions to be included in the content data in 
predetermined logical relationship. 

18. (previously presented) Apparatus according to claim 1 1 , wherein the data handling 
arrangement is arranged to organize said content data into substantially the same form as an 
SPKI certificate data structure with said condition being held in a validity field of the certificate 
data structure. 

19. (previously presented) A reduction engine for verifying the existence of a trust chain of 
justified attribute delegations that overall imparts a required attribute from a trusted issuer to a 
target subject, said reduction engine comprising: 

A trust-chain verifier for combining justified attribute delegations to form said trust 
chain, at least one said attribute delegation being justified on the basis of a certificate data 
structure that comprises content data bestowing a specified attribute from an identified issuer to a 
certificate subject, and an electronic signature of said issuer over the content data; and 

A trust-chain branch control arranged to require the trust-chain verifier to establish a 
branch of said trust chain upon the trust-chain verifier using in the trust chain a said attribute 
delegation that is justified on the basis of a conditional said certificate data structure that includes 
in its content data a condition requiring that a particular subject must have a particular attribute 
in order for the delegation justified by the certificate to be valid, said branch being required to 
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impart said particular attribute to said particular subject from said trusted issuer or another 
trusted issuer. 

20. (previously presented) A reduction engine according to claim 19, adapted to handle a said 
conditional certificate data structure in which said certificate subject is specifically identified in 
the content data. 

21 . (previously presented) A reduction engine according to claim 20, adapted to handle a said 
conditional certificate data structure in which said particular subject is not separately specified 
but is implicitly said specifically-identified certificate subject. 

22. (previously presented) A reduction engine according to claim 20, adapted to handle a said 
conditional certificate data structure in which said particular subject is explicitly identified. 

23. (previously presented) A reduction engine according to claim 19, adapted to handle a said 
conditional certificate data structure including multiple said conditions in predetermined logical 
relationship. 

24. (previously presented) A reduction engine according to claim 19, adapted to handle a said 
conditional certificate data structure that has substantially the same form as an SPKI certificate 
with said condition being held in a validity field of the certificate. 

25. (previously presented) A trust chain discovery engine for finding a trust chain of justified 
attribute delegations that overall imparts a required attribute from a trusted issuer to a target 
subject, said discovery engine comprising: 

a trust-chain builder for seeking to build up said trust chain using justified attribute delegations at 
least one of which is justified on the basis of a certificate data structure that comprises content 
data bestowing a specified attribute from an identified issuer to a certificate subject, and an 
electronic signature of said issuer over the content data; and 

a trust-chain branch control arranged to require the trust-chain builder to seek to build a 
branch of said trust chain upon the trust-chain builder using in the trust chain a said attribute 
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delegation that is justified on the basis of a conditional said certificate data structure that includes 
in its content data a condition requiring that a particular subject must have a particular attribute 
in order for the delegation justified by the certificate to be valid, said branch being required to 
impart said particular attribute to said particular subject from said trusted issuer or another 
trusted issuer. 

26. (previously presented) A trust chain discovery engine according to claim 25, adapted to 
handle a said conditional certificate data structure in which said certificate subject is specifically 
identified in the content data. 

27. (previously presented) A trust chain discovery engine according to claim 26, adapted to 
handle a said conditional certificate data structure in which said particular subject is not 
separately specified but is implicitly said specifically-identified certificate subject. 

28. (previously presented) A trust chain discovery engine according to claim 26, adapted to 
handle a said conditional certificate data structure in which said particular subject is explicitly 
identified. 

29. (previously presented) A trust chain discovery engine according to claim 25, adapted to 
handle a said conditional certificate data structure including multiple said conditions in 
predetermined logical relationship. 

30. (previously presented) A trust chain discovery engine according to claim 25, adapted to 
handle a said conditional certificate data structure that has substantially the same form as an 
SPKI certificate with said condition being held in a validity field of the certificate. 
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NONE. 
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